Application Security Engineer
HomeAdvisor and our sister company, Angie’s List, have combined to create the largest Homeservices marketplace in the nation. Part of ANGI Homeservices (ANGI), we connect millions of homeowners across the globe with home service professionals through our innovative and user-friendly products. ANGI Homeservices operates 10 brands in eight countries, and is headquartered in Golden, CO.
SUMMARY:
Incumbent serves as an Application Security Engineer, responsible for working with application developers, development managers, product managers, and business units to implement security and technology controls, processes, and best practices for in-house and third-party applications. The Application Security Engineer provides technical expertise to establish and implement security related standards, procedures, and guidelines appropriate to securing the existing environment.
DUTIES:
Serve as the primary technical contact and expert in all aspect of application security.
- Be a hands-on subject matter expert (SME) working directly with the application developers and project teams by directly participating in application development and procurement processes
- Assess application security posture through the use of automated tools and manual techniques to identify and verify exposure to common security vulnerabilities.
- Provide remediation guidance to development teams.
- Develop, implement and manage application security policies, standards, procedures, and guidelines that will assist the application development teams in integrating security requirements within their applications and databases.
- Research, recommend, implement, and maintain application security tools.
- Serve as the AppSec subject matter expert for the Incident Response team and investigate any possible incidents impacting the company
- Perform other related duties as assigned.
EDUCATION/EXPERIENCE/LICENSURE:
Possession of an undergraduate degree in computer information technology, computer engineering, or related degree.
- Minimum 3 year of Application Security experience through employment, community involvement, academic or self-study required.
- CISSP, CSSLP, GWAPT, or related certification(s) preferred
KNOWLEDGE, SKILLS AND ABILITIES:
Understanding of OWASP security concepts and common application security risks, such as XSS, XSRF, SQL Injection, Cookie Manipulation, etc.
- Exposure with software penetration testing, secure code review, architectural risk assessment, static code analysis.
- Proficiency in one or more of the following languages: Java/J2EE, Scala, JavaScript, & Python.
- Ability to communicate effectively via multiple channels with technical and non-technical staff.
- Ability to be versatile and handle multiple projects and re-prioritizations.
- Ability to maintain self-motivation and to work independently and in team environments.
We're eager to tell you more about the projects you'll be working on, and hear more about your background. If you're interested in a career with us, we'd love to talk. If you have questions about any of our roles, talk with one of our Recruiters by signing up for our next chat: http://www.abouthomeadvisor.com/talk-to-us/